Reported: 2020-03-05 06:50 UTC by Prasad J Pandit
Modified: 2020-03-05 07:46 UTC
(History)
34
users

(show)


Fixed In Version:

qemu-4.2.0

Doc Type:

If docs needed, set a value

Doc Text:

A memory leakage flaw was found in the way VNC display driver of QEMU handled connection disconnect, when ZRLE, Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib’s data object. This allocated memory is not free’d upon disconnection resulting in the said memory leakage issue. A user able to connect to the VNC server could use this flaw to leak host memory leading to a potential DoS scenario.

Clone Of:

Environment:

Last Closed:



Source link

Write a comment:
*

Your email address will not be published.